This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Fabien Potencier e020f749f0 bug #13890 Fix XSS in Debug exception handler (fabpot)
This PR was merged into the 2.3 branch.

Discussion
----------

Fix XSS in Debug exception handler

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

This XSS issue has been reported to security@symfony.com but after discussing this issue, we decided to treat it as a regular bug as the debug mode **must** never be enabled on production servers (as it can leak a lot of sensitive information coming from arguments displayed in the stack trace for instance -- even more information is leaked when used with the Symfony full-stack framework).

Commits
-------

1af6a9e fixed XSS in the exception handler
2015-03-11 10:21:57 +01:00
src/Symfony fixed XSS in the exception handler 2015-03-10 14:08:39 +01:00
.editorconfig Add EditorConfig File 2012-06-16 14:08:15 +02:00
.gitignore Test with local components instead of waiting for the subtree-splitter when possible 2015-03-05 00:16:30 +01:00
.travis.sh Test with local components instead of waiting for the subtree-splitter when possible 2015-03-05 00:16:30 +01:00
.travis.yml Test with local components instead of waiting for the subtree-splitter when possible 2015-03-05 00:16:30 +01:00
CHANGELOG-2.2.md Merge branch '2.2' into 2.3 2013-12-03 15:51:26 +01:00
CHANGELOG-2.3.md updated CHANGELOG for 2.3.25 2015-01-30 14:54:52 +01:00
composer.json [2.3] require-dev PHPUnit bridge 2015-02-24 11:24:26 +01:00
CONTRIBUTING.md [2.3] Update CONTRIBUTING.md 2015-02-24 10:01:10 +01:00
CONTRIBUTORS.md update CONTRIBUTORS for 2.3.25 2015-01-30 14:55:12 +01:00
LICENSE Updated copyright to 2015 2015-01-01 13:56:52 +01:00
phpunit.xml.dist [2.3] require-dev PHPUnit bridge 2015-02-24 11:24:26 +01:00
README.md Rename Symfony2 to Symfony 2014-11-24 15:09:11 +01:00
UPGRADE-2.1.md Remove aligned '=>' and '=' 2014-10-26 08:30:58 +01:00
UPGRADE-2.2.md [Doc] Use Markdown syntax highlighting 2014-10-01 07:38:33 +02:00
UPGRADE-2.3.md [Doc] Use Markdown syntax highlighting 2014-10-01 07:38:33 +02:00
UPGRADE-3.0.md Adjust upgrade file rendering 2014-11-18 09:38:51 +01:00

README

What is Symfony?

Symfony is a PHP 5.3 full-stack web framework. It is written with speed and flexibility in mind. It allows developers to build better, easier-to-maintain websites with PHP.

Symfony can be used to develop all kinds of websites, from your personal blog to high-traffic ones like Dailymotion or Yahoo! Answers.

Requirements

Symfony is only supported on PHP 5.3.3 and up.

Be warned that PHP versions before 5.3.8 are known to be buggy and might not work for you:

Installation

The best way to install Symfony is to download the Symfony Standard Edition available at http://symfony.com/download.

Documentation

The "Quick Tour" tutorial gives you a first feeling of the framework. If, like us, you think that Symfony can help speed up your development and take the quality of your work to the next level, read the official Symfony documentation.

Contributing

Symfony is an open source, community-driven project. If you'd like to contribute, please read the Contributing Code part of the documentation. If you're submitting a pull request, please follow the guidelines in the Submitting a Patch section and use the Pull Request Template.

Running Symfony Tests

Information on how to run the Symfony test suite can be found in the Running Symfony Tests section.